Arbitrary File Write Vulnerability in Spring Integration ZIP by Pivotal
CVE-2018-1261
4.7 MEDIUM
What is CVE-2018-1261?
An arbitrary file write vulnerability exists in Spring Integration ZIP versions prior to 1.0.1 due to improper handling of specially crafted zip archives. Malicious users can exploit this vulnerability using path traversal filenames to write files outside of the intended extraction directory. This issue can affect other archive formats, including bzip2, tar, xz, war, cpio, and 7z, posing a significant risk if exploited.
Affected Version(s)
Spring Integration Zip 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17
